CVE-2022-3656

HIGH

Google Chrome < 107.0.5304.62 - File System Restriction Bypass via Crafted HTML Page

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-3656. PoCs published by momika233.

AI-analyzed exploit summary: The repository lacks actual exploit code and instead directs users to download a separate 'poc.zip' file, which is a common tactic for distributing malware or fake exploits. The README provides no technical details about the vulnerability or exploit mechanics.

Description

Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)

Exploits (1)

nomisec · SUSPICIOUS · 38 stars
by momika233 · poc
https://github.com/momika233/CVE-2022-3656

Classification: Suspicious 90%
Attack Type: Info Leak
Complexity: Theoretical
Reliability: Theoretical
Target: Google Chrome and Chromium-based browsers
No auth needed
Prerequisites: User interaction to download and execute external files
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Issue Tracking, Permissions Required, Vendor Advisory
https://crbug.com/1345275

Scores

CVSS v3 8.8
EPSS 0.0166
EPSS Percentile 73.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE: CWE-20
Status published
Products (1)
google/chrome < 107.0.5304.62
Published Nov 01, 2022
Tracked Since Feb 18, 2026